Harness the Power ooz Allen Cyber. Booz Allen Cyber Solutions Network

Transcription

1 Harness the Power ooz Allen Cyber Booz Allen Cyber Solutions Network

2 Introduction The Client Challenge Backed by the power of the Internet, organizations are more intelligent, more efficient, and more connected today than ever before but this progress comes with enormous risk. Today s networks contain more valuable information than at any time in history, and IT systems play an essential role in delivering critical healthcare, energy, finance and communications services. Protecting these networks has become vital not only to our nation s economic stability, but to our national security as well. Yet as society relies more heavily on IT networks, cyber attacks are becoming more frequent and sophisticated. According to the Norton Cybercrime Report 2011, more than 431 million people around the world were affected by cyber attacks during the year, placing the cost of global cybercrime at approximately $114 billion. Volatile nation states, hacktivists and other cyber criminals are using rapidly evolving techniques to steal information and expose sensitive data, for economic and political gain. Many major US corporations have been victimized by cybercrime, and the US Department of Defense released a Cyber Policy Report outlining an updated strategic framework for protecting US cyber targets in light of the escalating threat environment. It s a new world, and the frontlines of global competition reside in cyber space. To keep pace, you need access to current cyber talent, knowledge and technology resources to thwart advancing threats before they escalate. Without the ability to scale cyber defenses, key public and private sector targets face imminent and devastating financial and operating risk, loss of reputation, and compromised national security.

3 Think Beyond Technology: Booz Allen s Unique Cyber Approach Defending critical IT assets in the cyber age involves far more than the right technology - it requires continuous preparedness. It takes a new breed of cyber expert capable of diagnosing threats and building solutions that thrive in today s cyber battleground. It takes specialized knowledge to navigate an increasingly complex policy, regulatory, and compliance landscape. It takes continuous, forward-looking training that keeps cyber talent one step ahead of cyber enemies. When these components are combined with the latest technology tools and intelligence analysis methods, the result is a cyber defense ready for tomorrow s threats. To help you become cyber ready, we develop customized action plans based on our Cyber Mission Integration Framework, addressing five critical elements: people, policy, operations, technology, and management. Our comprehensive approach integrates all of the essential resources from across your organization to build nimble, effective long-term cyber solutions. Mitigate Risk through Dynamic Defense Cybersecurity has evolved from an IT challenge to an enterprise risk management challenge. You still have to focus on protecting networks to maintain business and operational functions, but today s threats pose risks beyond operations - including loss of reputation, intellectual capital, competitiveness, and financial viability. The stakes are higher, the threats are more complex, and solutions must go beyond IT to address the people, policy, operations and management strategies critical to cyber defense. Our Dynamic Defense methodology can help you design a customized cyber strategy equipped with multiple layers of security, each serving to reduce threats and mitigate overall risk. Dynamic Defense is achieved through four main pillars: r Threat Vector Intelligence: actively scans networks and systems, constantly gathering information and intelligence from all sources to 1) understand your organization s vulnerabilities and 2) identify trends and develop insights into current and emerging threats. r Rapid Response: responds in real-time to breaches and attacks, keeps networks and systems operational, uncovers and roots out attackers, all while measuring potential impacts on brand and reputation. r Evolutionary Response: identifies cybersecurity strengths and weaknesses through vulnerability assessments, post-event analyses, and other cyber diagnostics that drive continuous learning and the evolution into a more mature, and more effective, cyber defense organization. r Integrated Remediation: implements the improvements, best practices, and lessons learned across all organizational components including policy, people, management, technology, and operations to address vulnerabilities and strengthen overall security. 1

4 Booz Allen s Cyber Solutions Network Booz Allen Cyber Solutions Network capabilities bring the promise of Dynamic Defense to life. The Booz Allen Cyber Solutions Network is a virtually-connected constellation of centers and labs, each bringing unique cyber tools and expertise to your cyber challenges. It takes a network of cyber resources to defend a network, which is why the Booz Allen Cyber Solutions Network offers clients access to thousands of cyber experts, proven technologies and the latest training resources, available at any time, from any location. As threats to your organization escalate, or a breach is detected, the entire Booz Allen Cyber Solutions Network scales in response. When you touch one center in the network, the entire network lights up and all center capabilities are at your fingertips. 2 Only innovation can outpace rapidlyevolving cyber criminals, and innovation is the backbone of the Booz Allen Cyber Solutions Network. Capabilities are aligned around four core service areas of cybersecurity: advanced cyber analytics, computer network defense, product testing and evaluation, and comprehensive cyber training. We offer clients access to continuous network monitoring, proactive threat detection, technology evaluation data and virtual education courses all within a secure environment that allows for real-time collaboration with some of the top cyber experts in the world.

5 Predict, Respond, Evolve The Booz Allen Cybersecurity Core Service Areas Wisdom is dynamic in the age of cyber defense. Before you can respond, you must identify. Early threat detection not only prevents cyber attacks, it saves thousands of staff hours spent on response. The best defense involves proactively understanding your threat environment, which often requires analysis of massive amounts of information. For example, open source intelligence, gleaned from public information sources like the Internet (blogs, forums, social media), can be extremely valuable, but the volume, diversity, and complexity of this data can make analysis challenging. Even structured data sources like law enforcement records can be so large that isolating actionable intelligence can be time-consuming. To help you derive value from massive volumes of data and connect the dots on potential cyber threats, our Advanced Cyber Analytics capabilities offer the latest data analysis and visualization technologies. These tools simplify the process of identifying trends, anomalies, relationships and other useful connections within data sets, while performing mission-specific functions like translating large amounts of foreign-language content. Not only do you get access to proven, predictive cyber intelligence tools, but you pay for these critical resources on cost-per-use basis, avoiding the expense of purchasing and maintaining an entire analytics solution. 3

6 It takes a network to defend a network. While analytics provide a window into an enemy s intentions, network defense tactics ensure you are prepared for the unexpected. As a contractor to the Department of Defense, Booz Allen has decades of experience in protecting sensitive data from rogue agents attempting to access the firm s networks, intellectual property, and clientsensitive data. From state-sponsored spying to hacktivist groups, our cyber defense experts have successfully responded to a range of network attacks, and now you can put that expertise to work for your organization. Led by the Booz Allen Cyber Security Operations Center (CSOC), the Booz Allen Cyber Solutions Network can track networks 24/7, 365 days-a-year, ensuring real-time threat detection, protection, monitoring, and response. 4

7 Proven technologies for the front lines of cybersecurity. The cyber war is taking place across technology, but not all weaponry is created equal. To combat modern threats, your organization needs the right defense tools, but researching, evaluating, and procuring the best commercial-off-the-shelf cyber technologies is costly and time consuming. Our Cyber Product Evaluation capabilities take the guesswork out of the decision-making, providing a technology proving ground where cyber technologies are tested under real-world conditions, and exposed to real cyber attacks. All product information, including performance scores, weaknesses, vulnerabilities, and compliance data is stored in the searchable Cyber Resources Library, which clients can access at any time. The Cyber Solutions Network brings technical performance, security, and interoperability data to your fingertips, empowering you to choose the best cyber technologies for your unique missions. 5

8 From insight to action through the power of data. Technology plays a critical role in cyber defense, but technology is useless without talented professionals capable of harnessing those tools to make good decisions. A 21st century cyber professional is armed with a blend of technical expertise and analytical skills required to understand today s threat environment and build solutions that thrive in the modern cyber battleground. Unfortunately, demand for this type of talent is far exceeding supply. In 2009, Booz Allen collaborated with the Partnership for Public Service on a research report entitled, Cyber In-Security: Strengthening the Federal Cybersecurity Workforce. The study found that federal IT leaders need an influx of cyber talent to meet agency missions, but are unhappy with the quality and quantity of current applicants. The private sector faces a similar skill shortage, and our Advanced Cyber Training capabilities are designed to help you close the gap. The Booz Allen Cyber Training Center (CTC) serves as a virtual cyber bootcamp for clients, forging the next generation of cyber warriors. Educational resources cover critical tactics and methodologies around passive information gathering, OS exploitation, computer forensics, malware analysis, and much more. Training includes both defensive and offensive techniques, so clients learn how to think like the enemy as well as defend against them. Content is available on demand at any time, from any Internet connection, in a virtualized environment that encourages collaboration and information sharing with other cyber experts on the network. 6

9 Booz Allen Cyber Solutions Network Centers and Labs Booz Allen Cyber Solutions Center, McLean The Booz Allen Cyber Solutions Center, McLean in suburban Washington DC is the gateway to the full suite of resources, training, and innovations that comprise the foundation of the Booz Allen Cyber Solutions Network. As the central hub for the entire constellation of centers, Booz Allen CSC/McLean houses the Cyber Solutions Library, which offers the latest evaluation data on cyber technology tools. This location is the launch pad for Booz Allen staff and clients to realize the power of the Booz Allen Cyber Solutions Network. Booz Allen Cyber Solutions Center, National Business Park Rely on the Booz Allen Cyber Solutions Center, National Business Park near Fort Meade for advanced cyber analytics that reveal unprecedented insights to thwart cyber threats. Specializing in developing and implementing classified programs for Intelligence and Defense clients, its sophisticated, state-of-theart showroom displays the latest innovations, while advanced cyber training readies tomorrow s cyber warriors. Booz Allen Cyber Solutions Center, Red Bank Located in close proximity to the nation s financial epicenter in New York City, the Booz Allen Cyber Solutions Center, Red Bank is a virtual junction point where commercial clients and Booz Allen staff access the vast training resources within the Booz Allen Cyber Solutions Network. Home to the Open Source Intelligence Center, this location offers solutions in ediscovery, advanced analytics, mobile response, and social media monitoring. Through secure, remote access to the Booz Allen Cyber Security Operations Center, the Booz Allen CSC/Red Bank extends the cyber defenses of the Booz Allen Cyber Solutions Network and enables our clients to navigate the increasingly complex regulatory and policy environment surrounding cyber security. Booz Allen Cyber Computing Center (CCC) The Booz Allen Cyber Computing Center is the impenetrable vault within the Booz Allen Cyber Solutions Network where highly sensitive data is stored, managed and analyzed behind a layer of unquestionable security. Its document repository enables clients to store and analyze data within an ISO certified environment, built from the ground up to satisfy the most demanding data assurance requirements. 7

10 Booz Allen Cyber Analytics Center (CAC) The Booz Allen Cyber Analytics Center is at the intersection of technological expertise and analytical rigor within the Booz Allen Cyber Solutions Network. At the Booz Allen CAC, advanced analytics practitioners, operating 24 hours-a-day, use a throng of powerful analytical tools to sift through massive volumes of open source data and surface timely cyber insights. Sophisticated text analytics, sentiment analysis, and language processing technologies help our clients make sense of their unique threat environment and help prioritize response activity before threats. escalate. Booz Allen Cyber Security Operations Center (CSOC) The Booz Allen Cyber Security Operations Center (CSOC) is the heart of the Booz Allen Cyber Solutions Network and monitors its pulse 24x7x365. Equipped with capabilities in mobile forensics, network monitoring and surge support, the Booz Allen CSOC proactively tracks network intrusion attempts and prevents access to rogue cyber agents. Home to Booz Allen s highly trained computer incident response team, the Booz Allen CSOC proactively scours the threat environment in real-time and stifles any threats before they escalate. Booz Allen Cyber Training Center (CTC) Booz Allen s Cyber Training Center serves as the cyber boot camp for the Booz Allen Cyber Solutions Network, delivering training solutions that keep you one step ahead of cyber enemies. As the primary training hub, the Booz Allen CTC virtually connects each location on the network, making the latest educational content available on-demand, from any location. Featuring content on network fundamentals, telecom, routing concepts, and a range of other cyber competencies, programs are designed to empower the next generation of cyber warriors. Booz Allen Cyber Assurance Testing Lab (CATL) Booz Allen s Cyber Assurance Testing Lab simplifies the process of researching and evaluating commercial-off-the-shelf cyber solutions. This hands-on, interactive technology proving ground puts available cyber tools through the paces and identifies the best products the market has to offer. With testing and evaluation capabilities across security, interoperability, and compliance, the lab ensures you are making the best buying decisions for your organization s unique cyber mission. Booz Allen Cyber Engineering & Integration Center (CEIC) Booz Allen s Cyber Engineering & Integration Center offers the ability to collaborate with the best cyber minds in the industry. You can partner with Booz Allen cyber experts to investigate malicious code, take prototypes for a test drive, and train within a simulated environment. This cyber sandbox provides a secure virtual network and computing infrastructure that powers collaborative learning, testing and cyber capability development across the entire Booz Allen Cyber Solutions Network. 8

11 About Booz Allen Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a century. Today, Booz Allen is a leading provider of management and technology consulting services to the US government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. In the commercial sector, the firm focuses on leveraging its existing expertise for clients in the financial services, healthcare, and energy markets, and to international clients in the Middle East. Booz Allen offers clients deep functional knowledge spanning strategy and organization, engineering and operations, technology, and analytics which it combines with specialized expertise in clients mission and domain areas to help solve their toughest problems. The firm s management consulting heritage is the basis for its unique collaborative culture and operating model, enabling Booz Allen to anticipate needs and opportunities, rapidly deploy talent and resources, and deliver enduring results. By combining a consultant s problem-solving orientation with deep technical knowledge and strong execution, Booz Allen helps clients achieve success in their most critical missions as evidenced by the firm s many client relationships that span decades. Booz Allen helps shape thinking and prepare for future developments in areas of national importance, including cybersecurity, homeland security, healthcare, and information technology. Booz Allen is headquartered in McLean, Virginia, employs more than 25,000 people, and had revenue of $5.59 billion for the 12 months ended March 31, Fortune has named Booz Allen one of its 100 Best Companies to Work For for seven consecutive years. Working Mother has ranked the firm among its 100 Best Companies for Working Mothers annually since More information is available at www. boozallen.com. (NYSE: BAH) To learn more about the firm and to download digital versions of this article and other Booz Allen Hamilton publications, visit Joe Mahaffee Chief Information Security Officer and Executive Vice President mahaffee_joe@bah.com Raynor Dahlquist Vice President and Director of the Booz Allen Cyber Solutions Network hutchinson-dahlquist_anne@bah.com Charles Tamburello Principal tamburello_charles@bah.com

12 Principal Offices ALABAMA Huntsville CALIFORNIA Los Angeles San Diego San Francisco COLORADO Colorado Springs Denver FLORIDA Pensacola Sarasota Tampa GEORGIA Atlanta HAWAII Honolulu ILLINOIS O Fallon KANSAS Leavenworth MARYLAND Aberdeen Annapolis Junction Lexington Park Linthicum Rockville NEBRASKA Omaha NEW JERSEY Eatontown NEW YORK Rome OHIO Dayton PENNSYLVANIA Philadelphia SOUTH CAROLINA Charleston TEXAS Houston San Antonio VIRGINIA Alexandria Arlington Chantilly Charlottesville Falls Church Herndon McLean Norfolk Stafford WASHINGTON, DC Middle East UNITED ARAB EMIRATES Abu Dhabi The most complete, recent list of offices and their addresses and telephone numbers can be found on by clicking the Offices link under About Booz Allen Booz Allen Hamilton Inc.